Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-05	CVE-2013-6365	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions network high complexity horde opensuse debian CWE-352	5.3
2019-11-01	CVE-2013-4168	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. network low complexity smokeping debian fedoraproject CWE-79	6.1
2019-11-01	CVE-2013-2255	Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. network high complexity redhat openstack debian CWE-295	5.9
2019-11-01	CVE-2005-2351	Exposure of Resource to Wrong Sphere vulnerability in multiple products Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. local low complexity mutt debian CWE-668	5.5
2019-11-01	CVE-2013-3718	Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault local low complexity gnome debian redhat opensuse CWE-20	5.5
2019-10-31	CVE-2012-6123	Improper Input Validation vulnerability in multiple products Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." network low complexity call-cc debian CWE-20	6.5
2019-10-31	CVE-2013-1951	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. network low complexity mediawiki debian CWE-79	6.1
2019-10-31	CVE-2013-1934	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. network low complexity mantisbt debian CWE-79	5.4
2019-10-31	CVE-2010-2490	Improper Input Validation vulnerability in multiple products Mumble: murmur-server has DoS due to malformed client query network low complexity mumble debian CWE-20	6.5
2019-10-31	CVE-2019-18424	OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. low complexity xen debian fedoraproject opensuse CWE-78	6.8